| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit https://android.googlesource.com/kernel/common/+/f0ce0eee added
CAP_SYS_RESOURCE as a capability check which would allow access to
sensitive /proc/PID files. However, in an SELinux based world, allowing
this access causes CAP_SYS_RESOURCE to duplicate what CAP_SYS_PTRACE
(without :process ptrace) already provides.
Use CAP_SYS_PTRACE instead of CAP_SYS_RESOURCE.
Test: Device boots, functionality remains identical, no sys_resource
denials from system_server.
Bug: 34951864
Bug: 38496951
Change-Id: I04d745b436ad75ee1ebecf0a61c6891858022e34
(cherry picked from commit 448669540c0b7c22ee8b8293217818f8f92238b6)
(cherry picked from commit c15810c527ffa6953108f68365cf2df9e0868096)
|
|\
| |
| |
| |
| |
| |
| |
| | |
CYNGNOS-3303
Android 6.0.1 release 74
Change-Id: Icf0638b4bfa8716f8b4b1b63481755cf3420e613
|
| |
| |
| |
| |
| |
| | |
bug: 30963384
Change-Id: I62b5ffd43469dbb0bba67e1bb1d3416e7354f9e5
(cherry picked from commit 3ff0b0282688c3776904b8e5409a4dfb7f231e73)
|
|\|
| |
| |
| |
| |
| | |
Android 6.0.1 Release 61 (MOB30Z)
Change-Id: If4ef759eb48ed270f658c2412cea5f7edd9b3d97
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This allows the shell user to control whether unprivileged access to
perf events is allowed.
To enable unprivileged access to perf:
adb shell setprop security.perf_harden 0
To disable it again:
adb shell setprop security.perf_harden 1
This allows Android to disable this kernel attack surface by default,
while still allowing profiling tools to work automatically. It can also
be manually toggled, but most developers won't ever need to do that if
tools end up incorporating this.
(Cherry picked from commit 38ac77e4c2b3c3212446de2f5ccc42a4311e65fc)
Bug: 29054680
Change-Id: Idcf6a2f6cbb35b405587deced7da1f6749b16a5f
|
| |
| |
| |
| |
| | |
Change-Id: I4c318efba76e61b6ab0be9491c352f281b1c2bff
Bug: 19160983
|
|\|
| |
| |
| |
| |
| | |
Ticket: CYNGNOS-3020
Change-Id: Ia88a540cb0a5d2bf379d03053095a64cc4c73276
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
SELinux defines various classes for various socket types, including
tcp_socket, udp_socket, rawip_socket, netlink_socket, etc. Socket
classes not known to the SELinux kernel code get lumped into the generic
"socket" class. In particular, this includes the AF_MSM_IPC socket
class.
Bluetooth using apps were granted access to this generic socket class at
one point in 2012. In 1601132086b054adc70e7f8f38ed24574c90bc37,
a TODO was added indicating that this access was likely unnecessary. In
cb835a2852997dde0be2941173f8c879ebbef157, an auditallow was added to
test to see if this rule was actually used, and in master branch
d0113ae0aed1a455834f26ec847b6ca8610e3b16, this rule was completely
deleted.
Revoke access to the generic socket class for isolated_app,
untrusted_app, and shell for older Android releases. This is
conceptually a backport of d0113ae0aed1a455834f26ec847b6ca8610e3b16, but
affecting fewer domains to avoid potential breakage.
Add a neverallow rule asserting that this rule isn't present for the
untrusted domains. Contrary to our usual conventions, the neverallow
rule is placed in bluetooth.te, to avoid merge conflicts and simplify
patching.
Bug: 28612709
Bug: 25768265
Change-Id: Ibfbb67777e448784bb334163038436f3c4dc1b51
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Restrict unix_dgram_socket and unix_stream_socket to a whitelist
for all domains. Remove ioctl permission for netlink_selinux_socket and
netlink_route_socket for netdomain.
Bug: 28171804
Bug: 27424603
Change-Id: I650639115b8179964ae690a39e4766ead0032d2e
|
|\|
| |
| |
| |
| | |
Ticket: RM-234
Android 6.0.1 release 30
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Remove untrusted/isolated app access to device private commands.
Only allow shell user to access unprivileged socket ioctl commands.
Bug: 26324307
Bug: 26267358
Change-Id: Iddf1171bc05c7600e0292f925d18d748f13a98f2
|
|\ \
| | |
| | |
| | |
| | |
| | | |
https://android.googlesource.com/platform/external/sepolicy into cm-13.0
Android 6.0.1 release 22
|
| |\ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
57531cacb4 am: c0ce53cc8d
am: f290a2ddd0
* commit 'f290a2ddd08e9b27fbded7a999238b2ae4517bf5':
DO NOT MERGE: Further restrict access to socket ioctl commands
|
| | |\ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
am: c0ce53cc8d
* commit 'c0ce53cc8d4538b9215702df1c6f5208cf415cda':
DO NOT MERGE: Further restrict access to socket ioctl commands
|
| | | |\ \
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
am: 57531cacb4
* commit '57531cacb40682be4b1189c721fd1e7f25bf3786':
DO NOT MERGE: Further restrict access to socket ioctl commands
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Remove untrusted/isolated app access to device private commands.
Only allow shell user to access unprivileged socket ioctl commands.
Bug: 26324307
Bug: 26267358
Change-Id: Iddf1171bc05c7600e0292f925d18d748f13a98f2
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | | |
Bug: 26211308
Change-Id: I8fd2d14ea52d49a33e6cdbcdf90630eea89f7dd0
|
| |\| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
am: 32d207e042
* commit '32d207e042c280a1d230e180dc6d49aba3b0248c':
Enable permission checking by binderservicedomain.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
binderservicedomain services often expose their methods to untrusted
clients and rely on permission checks for access control. Allow these
services to query the permission service for access decisions.
Bug: 25282923
Change-Id: I39bbef479de3a0df63e0cbca956f3546e13bbb9b
|
| |\ \ \ \
| | | | | |
| | | | | |
| | | | | | |
into cw-e-dev
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This reverts commit cda36e31d162bbab78b19c61c166e15f18815788.
This will be moved to a device specific file.
BUG: 24555181
Change-Id: I0eb543211245c37da77bbf42449f70ff3fdf79ec
|
| |\ \ \ \ \
| | | |/ / /
| | |/| | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
7d20f40879 am: a8bbe96d8b
am: 5eac92174c
* commit '5eac92174c8a036e088337c1c44f1ea84ab59b0f':
|
| | |\ \ \ \
| | | | |/ /
| | | |/| |
| | | | | |
| | | | | |
| | | | | | |
am: a8bbe96d8b
* commit 'a8bbe96d8b3fc76bd36e7f6582b79c94a7ecaa80':
|
| | | |\ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
am: 7d20f40879
* commit '7d20f40879d1cdcc39dc6e876371020c258d5a86':
|
| | | | |\ \ \ |
|
| |\| | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
mnc-dr-dev
am: 6ab438dc8b
* commit '6ab438dc8b4c8b661c8209ecfb66b626b8bdc532':
untrusted_apps: Allow untrusted apps to find healthd_service.
|
| |\ \ \ \ \ \ \
| | |_|_|_|_|/ /
| |/| | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
33a779fecb
* commit '9fcc949f3ca6c2a6d968f3bde57c8ce89f5d9bc6':
bluetooth.te: Relax bluetooth neverallow rule.
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Bug: 21445745
Change-Id: I59fd20f61a5e669e000f696f3738cc11071920aa
|
| |\ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
* commit '48dae29f9a046b328b49abd2073e134d7c29b274':
Allow system_server to bind ping sockets.
|
| |\ \ \ \ \ \ \ \
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
* commit '0b764ae98a7fe452690616b7d722a63bb7cd5fa8':
Allow untrusted_app to list services.
|
| | |_|_|_|_|_|/ /
| |/| | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Bug: 23375670
Change-Id: I0454c580b465a2f0edc928cf0effb71733866f03
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
* Causes android.cts.security.SELinuxHostTest#testAospPropertyContexts
test failure since it's looking for an exact string match.
This reverts commit 60ddcc03e9401c3fb1e064bb84171a112a9bb8be.
Change-Id: I66b5e1d59588be7b73b49f9b0e06d4834a008cf3
|
|\ \ \ \ \ \ \ \ \
| | |_|_|_|_|_|_|/
| |/| | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
https://android.googlesource.com/platform/external/sepolicy into cm-13.0
Android 6.0.1 release 3
|
| | |_|_|_|/ / /
| |/| | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
binderservicedomain services often expose their methods to untrusted
clients and rely on permission checks for access control. Allow these
services to query the permission service for access decisions.
Bug: 25282923
Change-Id: I39bbef479de3a0df63e0cbca956f3546e13bbb9b
|
| |\ \ \ \ \ \ \
| | |_|_|_|/ / /
| |/| | | | | |
| | | | | | | | |
mnc-dr-dev
|
| | |/ / / / /
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
This allows apps to find the healthd service which is used to query
battery properties.
Bug: 24759218
Change-Id: I72ce5a28b2ffd57aa424faeb2d039b6c92f9597d
Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
|
| |\ \ \ \ \ \
| | |_|_|/ / /
| |/| | | / /
| | | |_|/ /
| | |/| | | |
* commit '63af426a6ebc5c340a7144164f7458b35002d6f5':
bluetooth.te: Relax bluetooth neverallow rule.
|
| | |\ \ \ \
| | | |/ / /
| | |/| | /
| | | | |/
| | | |/|
| | | | |
| | | | | |
am: 33a779fecb
* commit '33a779fecbdaa87756922adc690b4e38382d8e5f':
bluetooth.te: Relax bluetooth neverallow rule.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Bug: 24866874
Change-Id: Ic13ad4d3292fe8284e5771a28abaebb0ec9590f0
|
|\ \ \ \ \
| | | | | |
| | | | | |
| | | | | | |
Android 6.0.0 release 26
|
| |\ \ \ \ \
| | |/ / / /
| |/| | | | |
|
| | |\ \ \ \
| | | |_|_|/
| | |/| | | |
|
| | | |\ \ \
| | | | |_|/
| | | |/| | |
|
| | | | |\ \ |
|
| | | | | |\ \ |
|
| | | | | | |\ \ |
|
| | | | | | | |\ \ |
|
| | | | | | | | |\ \ |
|
| |\ \ \ \ \ \ \ \ \ \
| | |/ / / / / / / / /
| |/| | | | | | | | | |
|
| | | |_|_|_|_|_|_|/
| | |/| | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
This allows NetworkDiagnostics to send ping packets from specific
source addresses in order to detect reachability problems on the
reverse path.
This addresses the following denial:
[ 209.744636] type=1400 audit(1441805730.510:14): avc: denied { node_bind } for pid=8347 comm="Thread-202" saddr=2400:xxxx:xxxx:xxxx:40b1:7e:a1d7:b3ae scontext=u:r:system_server:s0 tcontext=u:object_r:node:s0 tclass=rawip_socket permissive=0
Bug: 23661687
(cherry picked from commit c37121436be95ae2ed75cb83605940455446ef4e)
Change-Id: Ia93c14bc7fec17e2622e1b48bfbf591029d84be2
|